Описание
Multiple SQL injection vulnerabilities in TestLink through 1.9.19 allows remote authenticated users to execute arbitrary SQL commands via the (1) tproject_id parameter to keywordsView.php; the (2) req_spec_id parameter to reqSpecCompareRevisions.php; the (3) requirement_id parameter to reqCompareVersions.php; the (4) build_id parameter to planUpdateTC.php; the (5) tplan_id parameter to newest_tcversions.php; the (6) tplan_id parameter to tcCreatedPerUserGUI.php; the (7) tcase_id parameter to tcAssign2Tplan.php; or the (8) testcase_id parameter to tcCompareVersions.php. Authentication is often easy to achieve: a guest account, that can execute this attack, can be created by anyone in the default configuration.
Multiple SQL injection vulnerabilities in TestLink through 1.9.19 allows remote authenticated users to execute arbitrary SQL commands via the (1) tproject_id parameter to keywordsView.php; the (2) req_spec_id parameter to reqSpecCompareRevisions.php; the (3) requirement_id parameter to reqCompareVersions.php; the (4) build_id parameter to planUpdateTC.php; the (5) tplan_id parameter to newest_tcversions.php; the (6) tplan_id parameter to tcCreatedPerUserGUI.php; the (7) tcase_id parameter to tcAssign2Tplan.php; or the (8) testcase_id parameter to tcCompareVersions.php. Authentication is often easy to achieve: a guest account, that can execute this attack, can be created by anyone in the default configuration.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-20107
- https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/146b4f38010a48c36b7d9650060ca354c92ab4ac
- https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/7647a7b53ceab31524cfcfb3beb8435af0a30fc1
- https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/942c406fcee5d376235a264cb8a79300a0002d20
- https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/bcf7b971b5c88ea08d2dc47685f319be3b02cea8
- https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/d27690c6cb7708a6db0701b6428381d32d51495a
- https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/e2d88c9d7f8e02640ba65e5ff74b55d0399a53d0
- https://twitter.com/TLOpenSource/status/1212394020946751489
- http://mantis.testlink.org/view.php?id=8829
- http://mantis.testlink.org/view.php?id=8829#c29360
EPSS
CVE ID
Связанные уязвимости
Multiple SQL injection vulnerabilities in TestLink through 1.9.19 allows remote authenticated users to execute arbitrary SQL commands via the (1) tproject_id parameter to keywordsView.php; the (2) req_spec_id parameter to reqSpecCompareRevisions.php; the (3) requirement_id parameter to reqCompareVersions.php; the (4) build_id parameter to planUpdateTC.php; the (5) tplan_id parameter to newest_tcversions.php; the (6) tplan_id parameter to tcCreatedPerUserGUI.php; the (7) tcase_id parameter to tcAssign2Tplan.php; or the (8) testcase_id parameter to tcCompareVersions.php. Authentication is often easy to achieve: a guest account, that can execute this attack, can be created by anyone in the default configuration.
EPSS